[PLUG] VNC, SSH, and iptables [was: Transfering mozilla mail and newsgroup settings fromlinux to windows]

[Michael Holland]

On Sun, 9 May 2004, Ari Finander wrote:

> password. I then did an "su -l" and turned off the Fedora firewall for
> it to work! I was able to forward the emails I required to myself. What

Ari,
I suggest that your firewall should be between your LAN and the internet,
not between local hosts, unless you really want that extra security. (That
OK James? ) ( e.g. if LAN includes windoze boxes run by family members who
think Bonzi Buddy is good.)
  Just enable firewalling on the interface to your modem.

BTW, the easiest minimal protection is from a modem with built-in NAT etc.

> 1. Open a hole in the Fedora firewall for SSH (putty) from my laptop.
> Unless I'm mistaken, Fedora uses a generated file that it tells you not
> to edit to load the iptables rules on startup. Is it okay to edit this
> file?

"A little light comes on saying please do not push this button again".
They probably say that for a reason. Allowing ssh through a firewall is so
common that there must be a little box to tick in the GUI for it.

> Do I only need to open a hole at TCP port 22? How can I tell is
> OpenSSH is already running (ps -aux | grep openssh)?

It needn't be running (though thats faster). Some daemons are launched as
needed by inetd and cousins.

> 2. When I connect using PuTTy to the Fedora box from my windows laptop,
> how should I initiate the VNC environment? The other day I was using
> RealVNC 4.0beta from my WinXP desktop.

You want to start the VNC server on the Linux box? RTFM. man vncserver.
Its a script to start the Xvnc server.

regards, Mike.